Need help with packet encoding

09/18/2010 16:24 Piratenaapje#1
Could anyone explain to me how the TCP packets are encoded? I've been looking a bit in Wireshark but can't figure it out. I'm trying to send and receive packets without using the actual client.


Code:
0000  00 23 69 28 17 4a 00 21  6a bf ed ac 08 00 45 00   
0010  00 37 27 1a 40 00 80 06  5e 13 c0 a8 01 65 de 6f
0020  d5 16 fd da 75 31 1f 24  bf 97 6e a2 76 91 50 18
0030  3e e8 bf f9 00 00 0f 00  6c 44 46 c6 f8 2b 68 b3 
0040  1f 74 92 ed 2f
0f 00 6c 44 46 c6 f8 2b 68 b3 1f 74 92 ed 2f was in the data field. This packet is what I got when sending the 2nd password. I'm assuming 0f 00 specifies this is a 2nd password packet. The 2nd password I used was 147147, but I'm not sure how that's encoded in there? Does anyone have more information on this?
09/18/2010 16:28 salsa71#2
Cool story bro.
09/18/2010 16:28 bloodx#3
AES encryption, here is an example with everything you need -> [Only registered and activated users can see links. Click Here To Register...]

******* = r..a..g..e..z..o..n..e..
09/18/2010 16:44 Piratenaapje#4
Quote:
Originally Posted by bloodx
AES encryption, here is an example with everything you need -> [Only registered and activated users can see links. Click Here To Register...]

******* = r..a..g..e..z..o..n..e..
I think I love you :D
09/18/2010 19:32 Piratenaapje#5
So, it's crashing when I try to decrypt a packet. What am I doing wrong?

Code:
#include <iostream>
#include "CryptKalOnline.h"
using namespace std;

int main()
{
    char* test = "0f006c4446c6f82b68b31f7492ed2f";
    DecryptPacket(test);
    cout << test;
}
It outputs:

Code:
Part1: end -1
Part2: end -9
Part3: end -17
Part4: end -25
After that it segfaults... Any ideas?
09/18/2010 19:56 aSynx#6
Quote:
Originally Posted by Piratenaapje
Code:
#include <iostream>
#include "CryptKalOnline.h"
using namespace std;

int main()
{
    char* test = "0f006c4446c6f82b68b31f7492ed2f";
    DecryptPacket(test);
    cout << test;
}
Dunno what the DecryptPacket function looks like, but why do you handle the hex of the packet as a string?

BYTE test[] = {0x0f, 0x00, 0x6c, 0x44 ...};

And you don't have to decrypt the size (first 2 bytes).
09/18/2010 20:33 Piratenaapje#7
Quote:
Originally Posted by aSynx
Dunno what the DecryptPacket function looks like, but why do you handle the hex of the packet as a string?

BYTE test[] = {0x0f, 0x00, 0x6c, 0x44 ...};

And you don't have to decrypt the size (first 2 bytes).
Got confused since the DecryptPacket function requires a char pointer :p. I changed the code to

Code:
int main()
{
    BYTE data[] = {0x0f, 0x00, 0x6c, 0x44, 0x46, 0xc6, 0xf8, 0x2b, 0x68, 0xb3, 0x1f, 0x74, 0x92, 0xed, 0x2f};

    char* test = new char[sizeof(data)];

    for(int i = 0; i < sizeof(data); i++)
        test[i] = (char)data[i];

    DecryptAES(test, 15);
    cout << test << endl;
}
It outputs ±▄Í▄0Æ╩;g¡2H┘ÀF=┌o╝[┘{
Removing the first 2 bytes doesn't give a readable string either. I'm guessing I need to change the XORKey in CryptVari.h to the correct one? If so, does anyone know what it is or how to get it?
09/18/2010 21:23 MoepMeep#8
printf("%02x",test[i]);
09/18/2010 21:35 Piratenaapje#9
Quote:
Originally Posted by MoepMeep
printf("%02x",test[i]);
Doing that prints a 6 char string... ab0fd8, the next run it prints 960fd8, etc. No 2 runs seem to provide the same output. The 2nd password (147147) should be in this somehow... but I don't see how?
09/18/2010 21:46 aSynx#10
Quote:
Originally Posted by Piratenaapje
Doing that prints a 6 char string... ab0fd8, the next run it prints 960fd8, etc. No 2 runs seem to provide the same output.
printf("%02x",(BYTE)test[i]);

Quote:
Originally Posted by Piratenaapje
The 2nd password (147147) should be in this somehow... but I don't see how?
Well, whatever you did above, it won't work like this.
09/18/2010 21:54 Piratenaapje#11
Quote:
Originally Posted by aSynx
printf("%02x",(BYTE)test[i]);



Well, whatever you did above, it won't work like this.
Guess not :s. Isn't there any example code of decoding or encoding packet data with bakabugs cryptkalonline? Or any other method of decoding this packet data?
09/20/2010 17:38 meak1#12
I think if you search Noor sources you'll find a source where he decrypts packets and encrypts them, but the XOR key changed =D
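Added example, not code from any poster in this thread: it walks the Ethernet, IPv4 and TCP headers of the frame dumped in the first post to locate the application payload, reads the two size bytes mentioned in post #6, and hex-prints the bytes with the unsigned cast from post #10. The function names `tcp_payload`, `size_prefix` and `to_hex` are hypothetical; the frame bytes are copied from the dump above, and no decryption is attempted.

```cpp
#include <cstdio>
#include <string>
#include <vector>

typedef unsigned char BYTE;

// Frame bytes copied from the hex dump in the first post.
static const BYTE kFrame[] = {
    0x00,0x23,0x69,0x28,0x17,0x4a,0x00,0x21,0x6a,0xbf,0xed,0xac,0x08,0x00,0x45,0x00,
    0x00,0x37,0x27,0x1a,0x40,0x00,0x80,0x06,0x5e,0x13,0xc0,0xa8,0x01,0x65,0xde,0x6f,
    0xd5,0x16,0xfd,0xda,0x75,0x31,0x1f,0x24,0xbf,0x97,0x6e,0xa2,0x76,0x91,0x50,0x18,
    0x3e,0xe8,0xbf,0xf9,0x00,0x00,0x0f,0x00,0x6c,0x44,0x46,0xc6,0xf8,0x2b,0x68,0xb3,
    0x1f,0x74,0x92,0xed,0x2f
};

// Returns the TCP payload of an Ethernet/IPv4/TCP frame, or empty if malformed.
std::vector<BYTE> tcp_payload(const BYTE* f, size_t n) {
    const size_t eth = 14;                        // Ethernet II header length
    if (n < eth + 20 || f[12] != 0x08 || f[13] != 0x00) return {};  // not IPv4
    const BYTE* ip = f + eth;
    size_t ihl = (ip[0] & 0x0f) * 4;              // IP header length in bytes
    size_t total = (ip[2] << 8) | ip[3];          // IP total length (big-endian)
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return {};     // need IPv4 + TCP
    if (total < ihl + 20 || eth + total > n) return {};
    const BYTE* tcp = ip + ihl;
    size_t doff = (tcp[12] >> 4) * 4;             // TCP header length in bytes
    if (doff < 20 || ihl + doff > total) return {};
    return std::vector<BYTE>(tcp + doff, ip + total);
}

// First two payload bytes read as a little-endian size; -1 if too short.
int size_prefix(const std::vector<BYTE>& p) {
    return p.size() < 2 ? -1 : p[0] | (p[1] << 8);
}

// Hex-encode a char buffer. Without the BYTE cast, a signed char such as 0xc6
// is sign-extended to int and "%02x" prints ffffffc6 instead of c6.
std::string to_hex(const char* buf, size_t n) {
    std::string out; char tmp[3];
    for (size_t i = 0; i < n; i++) {
        std::snprintf(tmp, sizeof tmp, "%02x", (BYTE)buf[i]);
        out += tmp;
    }
    return out;
}

int main() {
    std::vector<BYTE> p = tcp_payload(kFrame, sizeof kFrame);
    std::string hex = to_hex(reinterpret_cast<const char*>(p.data()), p.size());
    std::printf("size prefix %d, payload (%d bytes) %s\n", size_prefix(p), (int)p.size(), hex.c_str());
}
```

For this capture the payload is 15 bytes and `0f 00` read little-endian is also 15, so the prefix counts the whole payload including itself.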